Insurance Agent Trainer
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: insurance-agent-trainer Version: 2.0.0 The skill bundle is a comprehensive AI-powered insurance training system designed to parse product documents, generate question banks, and schedule agent training. The code in `scripts/product_parser.py` includes network requests to official Chinese lottery websites (cwl.gov.cn and sporttery.cn) to fetch data for probability-based training scenarios, which is consistent with the stated purpose. There is no evidence of data exfiltration, malicious execution, or harmful prompt injection in the SKILL.md or Python scripts.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant may generate persuasive or pressure-oriented scripts for selling insurance products.
The skill includes high-pressure insurance sales coaching language. This is aligned with agent-training purpose, but it could encourage manipulative financial-product sales tactics if used without compliance review.
"L3": "回马枪+压力促成,让客户感觉自己在做决定"
Use the skill as training material only, require licensed/compliance review, and avoid deploying pressure tactics directly with customers.
Running the helper can contact external public websites and reveal basic request metadata such as IP address and user-agent.
The product parser includes fixed outbound HTTP requests to public lottery APIs for training-case data. The calls are disclosed and do not appear to send user documents or credentials.
resp = requests.get(url, params=params, headers=headers, timeout=15)
Run the external-data helper only when needed, document the network behavior, and keep product/customer documents out of those API calls.
Users have limited source/provenance information for verifying the package identity outside the provided artifacts.
The README references an npm-based install path while the registry metadata lists the source as unknown and there is no install spec in the supplied artifacts. No unsafe install-time behavior is shown, but provenance is limited.
npx clawhub install @gechengling/insurance-agent-trainer
Install from the ClawHub registry entry you intended to use, verify the package owner/source before using npm alternatives, and review code before executing helper scripts.